ISO 22301 Lead Auditor Course Outline
Module 1: Introduction to Business Continuity Management Systems
- What is a BCMS?
- Management Systems
- What is Business Continuity Management System?
- BCM System Process
- Business Continuity Management (BCM)
- BCMS Benefits
- Business Continuity Management Lifecycle
- Applicability and Objectives
Module 2: Scope of a BCMS
Module 3: Fundamental Principles and Concepts of Business Continuity
- Build a Comprehensive Plan
- Implement Each Step of the Action Plan
- Check and Evaluate Results
- Review and Make Improvements
Module 4: Clauses 4 to 8 of ISO 22301
- Introduction
- Clauses of ISO 22301
- Clause 4 – Context of the Organisation
- Clause 5 – Leadership
- Clause 6 – Planning
- Clause 7 – Support
- Clause 8 – Operations
Module 5: Overview of ISO 22301 Standard
- Introduction to ISO 22301
- 22301 Standard
- 22301 Standard Progression
- 22301 High-level Methodology
- Implementation Cycle Times
Module 6: BCM Mandatory Documents
- Clause 4.2.2
- Clause 4.3
- Clause 5.3
- Clause 6.2
- Clause 7.2
- Clause 7.4
- Clause 8.2.1
- Clause 8.2.2
- Clause 8.2.3
- Clause 8.4.1
- Clause 8.4.2
- Clause 8.4.3
- Clause 8.4.4
- Clause 8.4.5
- Clause 9.1.1
- Clause 9.3
- Clause 10.1
Module 7: Leadership
- Leadership and Commitment
- Establishing the Business Continuity Policy
- Communicating the Business Continuity Policy
Module 8: Management Roles and Responsibilities
- Overview
- Impediments to Success
- Aids to Success
Module 9: Implementation Phases of the ISO 22301 Framework
- Management Support
- Identification of Requirements
- Business Continuity Policy and Objectives
- Support Documents for Management System
- Risk Assessment and Treatment
- Business Impact Analysis
- Business Continuity Strategy
- Business Continuity Plan
- Training and Awareness
- Documentation Maintenance
- Exercising and Testing
- Post-Incident Reviews
- Communication with Interested Parties
- Measurement and Evaluation
- Internal Audit
- Corrective Actions
- Management Review
Module 10: Continual Improvement of a BCMS
- Continual Improvement
- BCMS Control System
- Areas of Continual Improvement
Module 11: Audit
Module 12: Auditing Principles
- Fundamental Principles
- Internal Auditing
- Scope
- PDCA Cycle
Module 13: Auditing Roles
- What are the Roles?
- Organisational Context
- Management Responsibilities
- Planning, Support, and Operation
- Performance Evaluation
- Improvement
Module 14: Roles and Responsibilities of the Auditor
- Internal Auditing
- Roles and Responsibilities
- Typical Internal Audit
Module 15: Skills of an Internal Auditor
- Internal Auditing Goals
- Qualities of an Auditor
- Auditing Skills
Module 16: Purpose of Internal Auditing
- 22301 Mission
- Key Benefits of BCMS
Module 17: Audit Procedures
- BCMS Audit Process
- Elements of an Internal Audit
- Internal Audit Process
- Required Documentation
- Supporting Procedural Documentation
- Required Records and Documentation
Module 18: Audit Triangle
- Fraud Triangle
- Tackling the Fraud Triangle
Module 19: Auditing Techniques
- Classifying Audit Findings
- On-Site Auditing
- Remote Auditing Methods
Module 20: Work Document Approach
- Steps to Certification
- Certification Audits
Module 21: Business Continuity Control Best Practice
- Overview
- BCM Policy
- Management Commitment
- Plan How to Deal with an Emergency
- Impediments to Success
- Disaster Recovery
Module 22: Planning a Business Continuity Management System (BCMS)
- Planning a BCMS
- Steps to Plan a BCMS
Module 23: Implementation of Business Continuity and Writing Procedures
- Communication
- Writing a Scenario
- Delivering the Scenario
- Implementing a BCMS
Module 24: Business Impact Analysis (BIA) and Risk Assessment
- Business Impact Analysis
- Risk Assessment
- Risk Assessment Methodologies and Implementation
- Risk Treatment Implementation
Module 25: Incident Management and Emergency Management
- Incident Management
- Emergency Management
- Key Elements of Crisis Management Respond Process
Module 26: Operations Management of a BCMS
- Introduction to Operations Management of a BCMS
Module 27: Business Continuity Strategies and Solutions
- General
- Identification of Strategies and Solutions
- Selection of Strategies and Solutions
- Resource Requirements
- Implementation of Solutions
Module 28: Business Continuity Plans and Procedures
- General
- Response Structure
- Warning and Communication
- Business Continuity Plans
- Recovery
- Evaluation of Business Continuity Documentation and Capabilities
Module 29: Performance Evaluation, Monitoring, and Measurement of a BCMS
- Performance Evaluation, Monitoring, and Measurement of a BCMS
- Key Performance Indicators (KPI)
- Identifying Indicators of an Organisation
- Critical Success Factors (CSFs)
- Writing an Effective Critical Success Factor
- CSFs for Strategic Planning
- Performance Evaluation
- Case Study: Telefonica
- Cutting Complexity
- Taking Actions
Module 30: Development of Metrics, Performance Indicators, and Dashboards
- Development of Metrics
- KPI Dashboards
- Steps to Create KPI Dashboards
Module 31: Internal Audit and Management Review of a BCMS
- Internal Audit
- Introduction to Management Review
- Purpose of Management Review
- Management Review Input
- Management Review Outputs
Module 32: Improvement and Implementation of a Continual Improvement Program
- Nonconformity and Corrective Action
- Continual Improvement
- Lifelong Learning
- Tone from the Top
- Let’s have a Plan
- Second Opinion
- Catching up
- Takeaway
Module 33: Preparing for a BCMS Certification Audit
- Choose a Certification Body
- Certification Audits
- Surveillance Visits
Module 34: Development of a BCMS and Business Continuity Policies
- Steps for Development of a BCMS
- Business Continuity Policies
Module 35: Purpose of Management Review
- Conducting an Audit
- Core Audit Principles and Concepts
- Evidence and Risk
- Preparation of an Audit
- BCMS Documentation Audit
- Opening Meeting
Module 36: Directing an ISO 22301 Audit
- Communication During the Audit
- Audit Actions
- Findings from the Audit
Module 37: Manage Auditing Teams, Improve Analysing, and Reporting Skills
- Introduction
- Management Audit Procedure
- Improvement Analysing
- Data Analyses
- Root Cause Analysis
- Reporting Skills
Module 38: Directing an ISO 22301 Audit
- Components of the Documentation
- Supporting Procedural Documentation
- Closing Meeting
- Assessing Corrective Action Plans
- ISO 22301 Surveillance Audit
- Internal Audit Management Programme
- Second Party Audits